Facebook的access_tokens在PHP和JS的diffeerent？

Question

I am going crazy here,

i dont understand how facebook handles the token thing. I use php sdk for web login. This works, i can get with

$facebook->api('/me');

the data from user etc.

But after a short time i do get the * fb error:

OAuthException: An active access token must be used to query information about the current user.

even though the user is still logged in. When i disconnect and login with facebook again, i do not get a new token (i think because the cookie is still active?)

When i delete all cookies it works for a while.

BUT when i check back with JS SDK

FB.getLoginStatus(function(response){FB.api('/me', function(response) {});});

I always have an active access_token and within it i can call the api, but only within...

Why i cannot use the same token in php and js or why are they different?????

Please help me.

EDIT

To explain it better. In php the access_token changes from eg 'CDAtEg' etc. to '148234' etc. (dont know why). if i do the api request in php i got the OAuthException but in js SDK the old Token 'CDAtEg' is still active and i got the user_data till the token exprires.

Why i cannot use the same token in php again and why it is deleted? I do not find the reason for that.

EDIT 2

Thank you for your ideas so far. I found out two things now. First, when i save the token i get from JS SDK and use it with

$facebook->setAccessToken()

it seems to work so far. Second, as phwd posted below the user_access token i got from php is deleted after 2,3 minutes. How can i found the origin of this problem?

Answer 1

Both tokens expire because they are the same user token.

In the PHP SDK, if the token expires or gets thrown out for some error, the PHP SDK will set the default token to the application token

https://github.com/facebook/facebook-php-sdk/blob/master/src/base_facebook.php#L389

  /**
   * Determines the access token that should be used for API calls.
   * The first time this is called, $this->accessToken is set equal
   * to either a valid user access token, or it's set to the application
   * access token if a valid user access token wasn't available.  Subsequent
   * calls return whatever the first call returned.
   *
   * @return string The access token
   */
  public function getAccessToken() {
    if ($this->accessToken !== null) {
      // we've done this already and cached it.  Just return.
      return $this->accessToken;
    }

    // first establish access token to be the application
    // access token, in case we navigate to the /oauth/access_token
    // endpoint, where SOME access token is required.
    $this->setAccessToken($this->getApplicationAccessToken());
    $user_access_token = $this->getUserAccessToken();
    if ($user_access_token) {
      $this->setAccessToken($user_access_token);
    }

    return $this->accessToken;
  }

Thus you must introduce login handling in PHP to ensure no calls are taken unless a valid user access token is supplied.

In JS SDK, most setups unless you explicitly set it otherwise will push the user through login after token expiry.

As you describe it seems as though an error is pushing the PHP SDK to use the default application token.

You can even sure that the user access token being used in the JS SDK will work in the PHP SDK if it is indeed still active , by setting it

$facebook->setAccessToken('YOUR_ACCESS_TOKEN_IN_JS_SDK');

Once this works then the error elsewhere in your code (which you have not supplied).

Answer 2

After some time-interval access token gets expired. Facebook gives new access token for every session. Access token is not always same for each user and each session.

Answer 3

BUT when i check back with facebook SDK

This is happens because FB.api check is your access_token valid and if not valid update it.

In php you need to do this manually. More with code examples PHP SDK: How do I capture the access token after user auths app?